Search
Close this search box.

Secure Your WordPress Site, Lock Stock and Barrel

There is no point in having an array of locks at your disposal, if you do not use them, or don’t know how to use them to safeguard your property. In the case of information, especially your private information, a heavy duty lock is what you need at all times. To protect, in this case, a repository of valuable information, it is important to have a good lock and ensure that it is fixed strongly to the door.
Table of Contents

Sponsored Ad

If you purchase through a link on our site, we may earn a commission.

There is no point in having an array of locks at your disposal, if you do not use them, or don’t know how to use them to safeguard your property. In the case of information, especially your private information, a heavy duty lock is what you need at all times. To protect, in this case, a repository of valuable information, it is important to have a good lock and ensure that it is fixed strongly to the door. Likewise, a website is only as strong as the password and login page. And that is in your hands, to a large extent.

To help protect your website, there are two basic requirements: (i) safeguard your password; and (ii) secure the login screen. There are a plethora of plugins that are helpful in this endeavour. Login LockDown is one such plugin; it blocks users who attempt to guess the password to your website. Another such app is the Google Authenticator which reduces the chance of a security breach even further. The most common method of ensuring the safety of the login screen is with the use of Captcha.

Login LockDown

Login Lockdown registers every failed login attempt and the corresponding IP address. After three attempts, it blocks all further login attempts from said IP for an hour. These are the default settings, and the time and number of attempts may be altered to suit your specific requirements. It is a good tool in preventing unauthorised access by someone close to you, who may be able to guess the password.

1 2

While this plugin is ideal for securing the safety of your WordPress site, it is not advisable for people who tend to forget passwords. After you login successfully, you can unblock the blocked IPs from the Dashboard.

With this plugin, you can easily find out the IP address that launched the unsuccessful login attempts on your site; and possibly even trace the IP address to the source. But the user must beware: the plugin may malfunction if other plugins interfere with its working.

You can download the plugin hereΒ 

Google Authenticator

For smartphone savvy people, who require seamless connectivity to their WordPress sites the Google Authenticator is the ideal plugin for additional safety.Β  Once you setup the plugin, you need to install the Google Authenticator app which is available for smartphones such as Android, Blackberry and iOS-based devices. The app works in conjunction with the plugin to make your login process much more secure.

3 4

Normally, passwords can be cracked by means of brute force attack. If you use Google Authenticator then it renders the possibility of password compromise moot. When a person breaks into your account with the password, the screen asks for the Google Authenticator password. This password is available only to you provided you have the app installed on your smartphone.

Even if a hacker figures out your username and password, it will be nearly impossible to determine the unique code provided by the Google Authenticator as you will be the only person who has access to the code. Not only that, the code is time-bound and expires in a short interval of time. That’s why it is nearly impossible to access a WordPress website that has been adequately protected by plugins such Google Authenticator.

One disadvantage of the Google Authenticator is that it necessitates the use of a smartphone in conjunction with a computer system. It cannot be used independently.

You can download the plugin here

Captcha

Captcha is one the most simple and most effective ways to improve the security of a site. More than one plugin on WordPress uses Captcha to protect the site from spam and bot attacks. The use of Captcha eliminates the possibility of brute force attack, in the process greatly decreasing the likelihood of falling to cyber-attacks.

Different types of Captcha

Normal Captcha is available in WordPress, this plugin can be applied to the login page, reset password screen and comment forms.

You can find it here

5

There are also other types includingΒ SI CaptchaΒ that specialises in prevention of spamming by automated bots,Β Sweet CaptchaΒ that adds colour to your site. There is anΒ Invisible CaptchaΒ plugin that prioritizes the protection of comments from spam. For users who require puzzle and intrigue in their Captcha, there isΒ Enmask Captcha.

6 7

Finally, just remember…

Plugins may well save the day for you, but there is no substitute for a strong password that comprises of dual case characters, numbers and special characters in no specific order.Β  Should your site ever get compromised, the first course of action is to use the ”forgot password” option, login with the new password and change it immediately.

Be prepared! Be safe!

If you enjoyed this post, make sure to subscribe to WP Mayor’s RSS feed.

Alyona is a WordPress enthusiast, focused on sharing interesting things she comes across during her work with this great CMS. She loves exploring new destinations and maintains a travel blog at www.alyonatravels.com

Sponsored Ad

If you purchase through a link on our site, we may earn a commission.

All suggestions are anonymous.

More from our blog...

One Response

  1. I’m using SI Captcha. It saved me a lot from bruteforce attack. But these peoples keep coming again and again even if they’re in the blocked list.

Post a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay updated with WP Mayor's newsletter showcase every week

Stay on top of every new WordPress innovation and latest launches. Receive all our fresh product reviews and expert guides directly in your inbox.

Hosting Survey 2024

Are you happy with your hosting provider or are you over-paying for too little? Have your say below!

"*" indicates required fields

What's the main reason you picked this host?*
How happy are you with your host?*

OPTIONAL: If you'd like to receive the results of this survey, please enter your details below.